CVE-2008-2388
https://notcve.org/view.php?id=CVE-2008-2388
Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem." Múltiples errores de superación de límite (off-by-one) en el actualizador de opensuse (opensuse-updater) en openSUSE 10.2 tienen un impacto no especificado y vectores de ataque. NOTA: el fabricante afirma que estos errores "no pueden ser considerados un problema de seguridad". • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://secunia.com/advisories/30581 • CWE-189: Numeric Errors •
CVE-2008-2389
https://notcve.org/view.php?id=CVE-2008-2389
opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack. Actualizador de opensuse (opensuse-updater) en openSUSE 10.2 permite a ususarios locales acceder a archivos arbitrarios a través de ataque symlink. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://secunia.com/advisories/30581 http://www.securityfocus.com/bid/29608 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2008-1375 – kernel: race condition in dnotify (local DoS, local roothole possible)
https://notcve.org/view.php?id=CVE-2008-1375
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. Una condición de carrera en el subsistema directory notification (dnotify) en el Kernel de Linux versiones 2.6.x anteriores a 2.6.24.6, y versiones 2.6.25 anteriores a 2.6.25.1, permite a usuarios locales causar una denegación de servicio (OOPS) y posiblemente alcanzar privilegios por medio de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://marc.info/?l=linux-kernel&m=120967963803205&w=2 http://marc.info/?l=linux-kernel&m=120967964303224&w=2 http://secunia.com/advisories/30017 http://secunia.com/advisories/30018 http://secu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2008-1567
https://notcve.org/view.php?id=CVE-2008-1567
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. phpMyAdmin versiones anteriores a 2.11.5.1, almacena la clave secreta MySQL de (1) nombre de usuario (2) contraseña, y (3) Blowfish, en texto sin cifrar en un archivo de Sesión bajo /tmp, que permite a los usuarios locales obtener información confidencial. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://secunia.com/advisories/29588 http://secunia.com/advisories/29613 http://secunia.com/advisories/29964 http://secunia.com/advisories/30816 http://secunia.com/advisories/32834 http://secunia.com/advisories/33822 http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408 http://www.debian.org/security/2 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2008-0063 – krb5: possible leak of sensitive data from krb5kdc using krb4 request
https://notcve.org/view.php?id=CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." El soporte Kerberos 4 en KDC en MIT Kerberos 5 (krb5kdc) no borra apropiadamente la parte no utilizada de un búfer cuando se genera un mensaje de error, lo que podría permitir a los atacantes remotos obtener información confidencial, también se conoce como "Uninitialized stack values." • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29435 http://secunia.com/advisories/29438 http://secunia.com/advisories/29450 http://secunia.com/advisories/2 • CWE-908: Use of Uninitialized Resource •